Fw: Don't favour https ( LC-2382)

fyi. We seem to have a philosophical divide on this question (at least 
that is my first reaction). It seems that existing web architecture 
documents do not address the topic of user interface and user 
understanding implications at all (perhaps someone can correct me on 
that). This seems to be in part what the new web science notion is about; 
build an understanding of humans into the overall model. It's not clear to 
me that we actually have an architecture today that maps to the 
architectural model of AWWW (Architecture of the World Wide Web), as I 
don't know where the security characteristics otherwise are or would be. 
So a spec that articulates current best practice would of necessity be at 
odds with a model that was not fully realized. 

It's always hard to know which items one should "go to the mat" on. 

          Mez


----- Forwarded by Mary Ellen Zurko/Westford/IBM on 04/23/2010 06:16 PM 
-----

From:   Krzysztof Maczyński <1981km@gmail.com>
To:     <mzurko@us.ibm.com>
Cc:     <public-usable-authentication@w3.org>
Date:   04/23/2010 10:12 AM
Subject:        Re: Don't favour https ( LC-2382)
Sent by:        public-usable-authentication-request@w3.org



> It would be confusing to
> users to see an indication of TLS security, such as augmented assurance
> (such as with EV) certificates, and an http: URI.
This is based on a misunderstanding about URIs. They identify resources, 
not characteristics of access to those resources (such as security). AWWW 
and other documents are clear on this. Existing confusion in some users 
should be rectified, not entrenched, lest I formally object. My request 
that the spec doesn't go for the latter (specifically, removing "an https 
URL was used" from the definition would resolve the issue) still stands.

Best regards,

Krzysztof Maczyński
Invited Expert, HTML WG